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DETAILED ACTION 

1 . This action is in response to application amendments filed on 1 0-1 8-201 0. 

2. Claims 1 - 38, 41 - 44 are pending. Claims 1 -5,7-11,13,15- 18, 20, 24, 29, 
30, 32 have been amended. Claims 39, 40 have been cancelled. Claims 1,7, 15, 16, 
23, 24, 29, 30 are independent. This application was filed 9-1 1 -2003. 

Response to Arguments 

3. Applicant's additional arguments have been fully considered but they were not 
persuasive. 

3.1 The Specification Objection is withdrawn due to addition of term non-transitory 
computer-readable medium to the specification. 

3.2 The 1 1 2 rejection for Claims 1 , 7, 9, 1 5, 1 6 is withdrawn based on Applicant's 
arguments. 

3.3 The 101 Rejections for Claims 30 - 36 is withdrawn due to the addition of the term 
non-transitory to computer-readable medium. 

3.4 Applicant argues, for Claims 1, 16, 24, 29, 30: vsherein the access candidate 
attributes are revisabie based, at least in part, on a determination indicating that access 
to the first level is prohibited. 
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Bacha discloses modifying access requirements, (see Bacha col. 10, lines 48-60: 
another authorized user such as a resolution authority with ability to update access 
control information) Timson discloses the usage of additional modules to determine 
access requirements after a first level of authorization (a second level of authorization). 
In any event, Bacha discloses that access requirements are modified even if the 
requirements are modified in an access list. The access requirements which control 
access to the document (resource) are still modified (or revised). 

3.5 Applicant argues, there is no teaching that Timson EM's permissions are 
revisabie. 

Timson is not used to disclose this particular claim limitation (revisabie access 
requirements). And, Moreh is also not used to disclose this particular claim limitation. 
Bacha is used to disclose the modification of access requirements. See Section 3.4. 

3.6 Applicant argues, Dependent Claims 2-4,8- 10, 14, 17 - 19, 25, 26, 31 - 33, 37, 
38 

independent claims 7, 16, 24 and 30 have similar limitations as independent claim 
1 . Responses to arguments for independent claim 1 answer arguments against 
independent claims 7, 1 6, 24 and 30. Arguments against dependent claims are 
answered by responses to independent claims. 

3.7 Applicant argues, Ciaim 15: attributes are revisabie. 
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Orsini is not used to disclose this particuiar claim limitation (revisable access 
requirements). The Office Action discloses the claim iimitation(s) Orsini is used to 
reject, 

3.8 Applicant argues, Claim 23: forward the request for access to one or more 
identified data access controllers for evaluation 

Timson discloses the capability to determine access requirement(s) at different 
security levels. Timson discloses the capability to add additional modules used for 
determining access requirements, (see Timson col 4, line 60 - col. 5, line 4: additional 
authorization modules) And, Timson discloses the capability to forward request to 
these additional access requirement modules, (see Timson col. 3, lines 34-40; col. 3, 
lines 57-64: request processing (i.e. submit, forward request for processing); col. 2, 
lines 31-34; col. 2, lines 40-41 : interrogatable and enabling modules, resources to 
enable (i.e. grant) control access to data)) 

3.9 Applicant argues, Dependent Claims 5, 6, 11 - 13, 20 - 22, 27, 28, 34 - 36, 41 - 44 
Arguments against dependent claims are answered by responses to independent 

claims. 

3.10 Timson does disclose operating within a network environment and physical 
access to a computing system, (see Timson coS 3, Sines 2-4: network connection for 
communications for enabling module; col 6, lines 47-64: used in a network environment; 
server computer incorporated into a network configuration; access to secure areas 
(physical access to equipment such as computing system)) 
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Without a successful authorization comparison (a match), access is not permitted. 
Ail of the required functions are disclosed by Timson as indicated in the accompanying 
citations, (see Timson col. 3, line 34 - co!. 4, line 15: access information; 
request/response authorization information; comparison of candidate (authorization) 
information; authorization verification, or prohibition if verification not successful) The 
Examiner has evaluated Applicant's remarks (past and present) and has determined 
that the Applicant desires a third party to act as a resolution authority in performing an 
additional authentication service. 

Timson discloses the capability to add additional authentication modules to the 
authentication procedures. These additional authentication modules can generate a 
hierarchical structure for the authentication process with access to the resolution 
authority performed as a last authentication process as per claim limitation, (see 
Timson col 4, line 60 - col. 5, line 4: hierarchical authorization structure) The Timson 
and Moreh prior art combination discloses the usage of a resolution authority to provide 
an additional authentication services, (see Moreh col. 2, lines 48-62; col. 5, line 56 - 
col. 6, line 19: authentication services between client and server using intermediate 
entity (protocol proxy)) 

The enabling module can grant permissions by writing permissions data to a 
module to make if an enabling module such as the resolution authority in Moreh. 



4. 



Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
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obviousness rejections set forth in this Office action: 

a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 1 - 4, 7 - 10, 14, 16 - 19, 24 - 26, 29 - 33, 37, 38 are rejected under 35 
U.S.C. 103(a) as being unpatentable overTimson et al. (US Patent No. 6,041,412) in 
view of Moreh et al. (US Patent No. 6,959,336) and further in view of Bacha et al. (US 
Patent No. 6,839,843). 

Regarding Claims 1,7, 24, 29, Timson discloses a method comprising: 

a) receiving, using a processing device, a first request, from a first sponsor of an 
access candidate, for access to a first security level in a computer network, 
wherein the first security level secures computational resources for accessing 
electronic data (see Timson col. 3, lines 34-40; col. 3, lines 57-64: request 
processing (i.e. request submitted and processed)) and 

c) : granting, using the processing device, access to the first security level based on 

a determina tion indicating that access to th e first level is not prohibited : (see 
Timson col. 3, lines 11-16: determine (i.e. comparing), enable (grant) access) 

Furthermore, Timson discloses the following: 

d) receiving, using the processing device, a second request, from a second sponsor 
of the access candidate, for access to a second security level in the computer 
network in response to the granting of access to the first security level, wherein 
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the second security level secures the electronic data; (see Timson col. 3, lines 
34-40; col. 3, lines 57-64: request processing (i.e. request submitted and 
processed); col 3, lines 2-4: network connection for communications for enabling 
module; col 6, lines 47-64: used in a network environment; server computer 
incorporated into a network configuration) 
e) determining, using the processing device, whether attributes of the access 
candidate satisfy access requirements of the electronic data secured by the 
second security level; (see Timson col. 2, lines 50-59: attributes; col. 3, lines 11- 
16: determine (i.e. comparing), enable access) 

Furthermore, Timson discloses access determination using additional authorization 
modules, (see Timson col 4, line 60 - col. 5, line 4: additional authorization modules) 

Furthermore, Timson discloses for f): .obtaining aylho request 
if the access cand idate attributes fail to satisfy the access requirement of the 
electronic data in response to a determination indicating that access to the second 
security level is prohibited; (see Timson col. 3, lines 34-40; col. 3, lines 57-64: 
request processing, resolution authority; col. 2, lines 50-59: attributes; col. 4, lines 7- 
1 1 : access determination (comparison, match) required for access (i.e. prohibited 
without authorization)) 

Timson does not specifically disclose a resolution authority or a 3 rd party providing 
authentication services. 

However, Moreh discloses for f): obtaining authorization for request from a resolution 
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authority; and for g): in response to obtaining the authorization from the resolution 
authority (see Moreh col. 2, lines 48-62; col. 5, line 56 - col. 6, line 19: authentication 
services between client and server using intermediate entity (protocol proxy)), 
granting the access candidate access to the second security level; (see Timson col. 
4, lines 7-15: access enabled (i.e. granted) based on transmitted permission data) 
It would have been obvious to one of ordinary skill in the art to modify Timson 
to use authentication services such as a resolution authority as taught by Moreh. 
One of ordinary skill in the art would have been motivated to employ the teachings of 
Moreh in order to permit users and service provides the flexibility of choosing where 
to authenticate, (see Moreh col. 2, lines 44-46) 

Timson-Moreh does not specifically disclose revising access requirements. 
However, Bacha discloses: 

b) determining, using the processing device, whether access candidate attributes 
satisfy access requirements of the resources, wherein the access candidate 
attributes are r evisable based, at least in part, on a determination indicating that 
access to the first leve l is prohibited, (see Bacha col. 1 0, lines 48-60: another 
authorized user such as a resolution authority with ability to update (or revise) 
access control information) 
It would have been obvious to one of ordinary skill in the art to modify Timson- 
Moreh for revising access requirements as taught by Bacha. One of ordinary skill in 
the art would have been motivated to employ the teachings of Bacha to improve 
system efficiency by centralization of user access information and to use richer 
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search parameters, (see Bacha col. 3, lines 18-24) 

Regarding Claims 2, 8, 17, 25, 31 , Timson discloses the method of Claims 1,8, 16, 24, 
30, further comprising granting access to the second security level in response to a 
determination indicating that access by the access candidate is not prohibited, (see 
Timson col. 4, lines 7-1 1 : access enabled (i.e. granted), not prohibited; col. 4, lines 7- 
1 1 : access determination (comparison, match) required for access (i.e. prohibited 
without authorization)) 

Regarding Claims 3, 9, 18, 32, Timson discloses the method of Claims 1, 7, 16, 30, 
further comprising denying access to the second security level if denied the third 
request, (see Timson col. 3, lines 28-32; col. 4, lines 11-15: access denied) 

Furthermore, Timson discloses access determination using additional authorization 
modules, (see Timson col 4, line 60 - col. 5, line 4: additional authorization modules) 
Timson does not specifically disclose a resolution authority or a 3 rd party providing 
authentication services. 

However, Moreh discloses a resolution authority, (see Moreh col. 2, lines 48-62; col. 5, 
line 56 - col. 6, line 19: authentication services between client and server using 
intermediate entity (protocol proxy)) 

It would have been obvious to one of ordinary skill in the art to modify Timson to 
use authentication services such as a resolution authority as taught by Moreh. One of 
ordinary skill in the art would have been motivated to employ the teachings of Moreh in 
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order to permit users and service provides the flexibility of choosing where to 
authenticate, (see Moreh col. 2, lines 44-46) 

Regarding Claims 4, 10, 19, 26, 33, Timson discloses the method of Claims 1,7, 16, 
24, 30, wherein at least one of the access requirements of the resources and the 
access requirements of the electronic data are represented as part of a graphical 
display associated with the access candidate and accessed for display to a controller 
via a network, (see Timson col. 5, lines 26-35: display capability for user interface 
information; access permission information) 

Regarding Claims 14, 37, Timson discloses the method of Claims 7, 30, wherein at 
least one of the request for physical access or the request for access to the electronic 
data is submitted by more than one sponsor of the access candidate, (see Timson col. 
14, lines 13-20: request, 1st level security; col. 14, lines 25-35: request processing, 2nd 
level security) 

Regarding Claim 16, Timson discloses a system for providing an access candidate 
access to secured electronic data, the system comprising: 

a) storage means for receiving and storing electronic data using a computer 
network; (see Timson col. 1 8, lines 9-12; col. 1 8, lines 1 8-21 : storage capability 
for accessible data) 
Furthermore, Timson discloses the following: 
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c) means for granting access to the one or more resources if the first comparison 
indicates that access is not prohibited; (see Timson col. 5, lines 5-13: software 
means; col. 4, lines 7-1 1 : access enabled (i.e. granted)) 

d) means for evaluating a second request for access to the electronic data by the 
one or more resources, wherein an evaluation of the second request includes a 
second comparison of one or more attributes of the access candidate with one or 
more access requirements associated with the electronic data; (see Timson col. 
5, lines 5-13: software means; col. 2, lines 31-34; col. 2, lines 40-41 : 
interrogatable and enabling modules, resources to access and manipulate data) 

e) means for obtaining authorization for the second request, if the one or more 
attributes of the access candidate fails to satisfy one or more access 
requirements associated with the electronic data in response to the evaluation of 
the_.segon^ 

(see Timson col. 5, lines 5-13: software means; col. 3, lines 34-40; col. 3, lines 
57-64: request processing, must be authorized (not prohibited) to access data) 
and 

f) means for granting access to the electronic data using the one or more resources 
in response to obtaining the au thorization, (see Timson col. 5, lines 5-13: 
software means; col. 3, lines 28-32; col. 4, lines 11-15: access enabled (i.e. 
granted)) 

Furthermore, Timson discloses access determination using additional authorization 
modules, (see Timson col 4, line 60 - col. 5, line 4: additional authorization modules) 
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Timson does not specifically disclose a resolution authority or a 3 rd party providing 
authentication services. However, Moreh discloses obtaining the authorization from 
the resolution authority , (see Moreh col. 2, lines 48-62; col. 5, line 56 - col. 6, line 
19: authentication services between client and server using intermediate entity 
(protocol proxy)) 

It would have been obvious to one of ordinary skill in the art to modify Timson 
to use authentication services such as a resolution authority as taught by Moreh. 
One of ordinary skill in the art would have been motivated to employ the teachings of 
Moreh in order to permit users and service provides the flexibility of choosing where 
to authenticate, (see Moreh col. 2, lines 44-46) 

Furthermore, Timson discloses for b): means for evaluating a first request for access 
to the one or more resources, in the computer network, wherein the resources 
secure the electronic data, and wherein an evaluation of the first request includes a 
first comparison of one or more attributes of the access candidate with one or more 
access requirements associated with the resources : (see Timson col. 5, lines 5-13: 
software means; col. 2, lines 50-59: attributes; col. 3, lines 34-40; col. 3, lines 57-64: 
request processing, evaluation to enable access) 

Timson-Moreh does not specifically disclose revising access requirements. 
However, Bacha discloses: 

b) wherein the one or more attributes of the access candidate are revisable if the 
first comparison indicates that access is prohibited ; (see Bacha col. 10, lines 48- 
60: another authorized user such as a resolution authority with ability to update 
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access control information) 

It would have been obvious to one of ordinary skill in the art to modify Timson- 

Moreh for revising access requirements as taught by Bacha. One of ordinary skill in 

the art would have been motivated to employ the teachings of Bacha to improve 

system efficiency by centralization of user access information and to use richer 

search parameters, (see Bacha col. 3, lines 18-24) 

Regarding Claim 30, Timson discloses an article of manufacture including a non- 
transitory computer-readable medium having instructions stored thereon, execution of 
which causes a processing device to perform operations comprising: 

a) receiving, using a processing device, a request for access to a first security level 
in a computer network; (see Timson col. 3, lines 34-40: request processing (i.e. 
submitted and processed)) 
Furthermore, Timson disclose the following: 

c) granting, using the processing device, access to the first security level based on 
a comparison indicating that access b y the access candidate to the first security 
level is not prohibited : (see Timson col. 14, lines 13-20: 1st security level 
processing) 

d) receiving, using the processing device, a request for access to a second security 
level in the computer network; (see Timson col. 3, lines 34-40; col. 3, lines 57-64: 
request processing (i.e. submitted and processed)) and 
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d) obtaining authorization for the request in response to a comparison indicating 
that access by the access candidate is prohibited,, (see Timson col. 3, lines 34- 
40; col. 3, lines 57-64: request processing; col. 14, lines 25-35: 2nd security level 
processing; col. 4, lines 7-1 1 : access determination (comparison, match) 
required for access (i.e. prohibited without authorization)) 

Furthermore, Timson discloses the generation of a hierarchical structure for access 
determination such as additional authorization modules, (see Timson col 4, line 60 - 
col. 5, line 4: hierarchical authorization structure) 

Timson does not specifically disclose a resolution authority or a 3 rd party providing 
authentication services. 

However, Moreh discloses obtaining authorization from a resolution authority, (see 
Moreh col. 2, lines 48-62; col. 5, line 56 - col. 6, line 19: authentication services 
between client and server using intermediate entity (protocol proxy)) 

It would have been obvious to one of ordinary skill in the art to modify Timson 
to use authentication services such as a resolution authority as taught by Moreh. 
One of ordinary skill in the art would have been motivated to employ the teachings of 
Moreh in order to permit users and service provides the flexibility of choosing where 
to authenticate, (see Moreh col. 2, lines 44-46) 

Timson-Moreh does not specifically disclose modifying access requirements. 
However, Bacha discloses modifies one or more access requirements associated 
with second security level, (see Bacha col. 10, lines 48-60: another authorized user 
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such as a resolution authority with ability to update access control information) 

It would have been obvious to one of ordinary skill in the art to modify Timson- 
Moreh for modifying access requirements as taught by Bacha. One of ordinary skill 
in the art would have been motivated to employ the teachings of Bacha to improve 
system efficiency by centralization of user access information and to use richer 
search parameters, (see Bacha col. 3, lines 18-24) 

Regarding Claim 38, Timson discloses the method as in claim 1, further comprising 
determining the authorization by granting a waiver of the access requirements, (see 
Timson col. 4, lines 44-56: permission attributes for records are changeable; col 10, 
lines 37-45: generation of access permissions, data modules) 

6. Claims 5, 6, 1 1 - 1 3, 1 5, 20 - 23, 27, 28, 34 - 36, 41 - 44 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Timson-Moreh-Bacha and further in view of 
Orsini et al. (US PGPUB No. 20040049687). 

Regarding Claims 5, 11, 13, 27, Timson discloses the method of Claims 1, 7, 24, 
wherein the access requirements, (see Timson col. 2, lines 50-59; col. 2, lines 41 -49: 
attributes, permissions; col. 3, lines 34-40: required to access resources) 
Timson does not specifically disclose the access requirements comprise a citizenship 
status of the access candidate or a current location of the access candidate. 
However, Orsini discloses wherein at least one of access requirements of the resource 
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and the access requirements of the electronic data comprise a citizenship status of the 
access candidate or a current location of the access candidate, (see Orsini paragraph 
[0013], lines 1-3; paragraph [0060], lines 4-13: management of secure data, parameters 
(i.e. attributes) agreement, location information) 

It would have been obvious to one of ordinary skill in the art to modify Timson for 
one or more access requirements related to at least one of a citizenship status of the 
access candidate and a current location of the access candidate as taught by Orsini. 
One of ordinary skill in the art would have been motivated to employ the teachings of 
Orsini for a relatively fast, secure, and efficient authentication of data streams, (see 
Orsini paragraph [0012], lines 1-3; paragraph [0013], lines 1-3) 

Regarding Claims 6, 1 2, 22, 28, 36, Timson discloses the method of Claims 5, 11, 16, 
27, 30, wherein the one or more attributes of the access candidate, (see Timson col. 2, 
lines 50-59: permissions, attributes for requestor (i.e. access candidate); col. 3, lines 34- 
40: required to access resources) 

Timson does not specifically disclose attributes comprise a citizenship status of the 

access candidate or a current location of the access candidate. 

However, Orsini discloses wherein one or more attributes of the access candidate relate 

to the at least one of a citizenship status of the access candidate or a current location of 

the access candidate, (see Orsini paragraph [0013], lines 1-3; paragraph [0060], lines 

4-13: management of secure data, parameters (i.e. attributes) agreement, location 

information) 
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It would have been obvious to one of ordinary skill in the art to modify Timson for 
attributes comprise a citizenship status of the access candidate or a current location of 
the access candidate as taught by Orsini. One of ordinary skill in the art would have 
been motivated to employ the teachings of Orsini for a relatively fast, secure, and 
efficient authentication of data streams, (see Orsini paragraph [001 2], lines 1 -3; 
paragraph [0013], lines 1-3) 

Regarding Claim 15, Timson discloses a method comprising: 

a) identifying, using a processing device, a plurality of data subsets of the electronic 
data, wherein respective data subsets correspond to respective sets of access 
requirements; (see Timson col. 6 lines 43-46; multiple data sets and data 
records (i.e. a plurality of datasets)) 

Furthermore, Timson disclose the following: 

e) granting, using the processing device, access to the first security level based on 
a determination indicating that access to the first security level is not prohibited; 
((see Timson col. 14, lines 13-20: request, 1st level security) 

g) determining, using the processing device, whether attributes of the access 
candidate satisfy the respective set of access requirements corresponding to the 
at least one of the plurality of data subsets; (see Timson col. 2, lines 50-59: 
attributes; col. 3, lines 11-16: determine (i.e. comparing), enable access) 

i) in response to obtaining the auth orization granting access to the second security 
level, (see Timson col. 14, lines 25-35: request, 2nd level security; col. 4, lines 7- 
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1 1 : access enabled (i.e. granted)) 
Furthermore, Timson discloses 

for b): determining, using the processing device, at least one data class associated 
with the respective data subsets (see Timson col. 2, lines 50-59: one data class 
or attributes of a class), and 

for c): receiving, using the processing device, a first request, from a first sponsor of 
the access candidate, for access to a first security level in a computer network, 
wherein the first security level secures physical access to a computer workstation 
for accessing the electronic data, (see Timson col. 3, lines 34-40: request 
processing; col. 2, lines 56-59; col. 17, lines 4-11 : country attribute, requestor 
attributes; col. 14, lines 13-20: request, 1st level security), and 

for f): receiving, using the processing device, a second request, a second sponsor of 
the access candidate, for access to a second security level in the computer 
network in response to the granting of access to the first security level, wherein 
the second security level secures access to at least one of the plurality of data 
subsets; (see Timson col. 14, lines 25-35: request, 2nd level security; col. 3, lines 
34-40: permissions required to access data; col. 4, lines 7-1 1 : access 
determination (comparison, match) required for access (i.e. prohibited without 
authorization)) 

Furthermore, Timson discloses for h): obtaining authorization for the second request 
if the access candidate attributes fail to satisfy the respective set of access 
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requirements corresponding to the at least one of the plurality of data subsets in 
response to a determination indicating that access to the at least one of the plurality 
of data subsets is prohibited, (see Timson col 4, line 60 - col. 5, line 4: additional 
authorization modules) 

Timson does not specifically disclose obtaining authorization from a resolution 
authority or a 3 rd party providing authentication services. 

However, Moreh discloses for h): obtaining authorization from a resolution authority, 
(see Moreh col. 2, lines 48-62; col. 5, line 56 - col. 6, line 19: authentication services 
between client and server using intermediate entity (protocol proxy)) 

It would have been obvious to one of ordinary skill in the art to modify Timson- 
Orsini to use authentication services such as a resolution authority as taught by 
Moreh. One of ordinary skill in the art would have been motivated to employ the 
teachings of Moreh to permit users and service provides the flexibility of choosing 
where to authenticate, (see Moreh col. 2, lines 44-46) 

Timson-Moreh does not specifically disclose an indication of a citizenship status of 
the access candidate, an indication of a current location of the access candidate, 
and an indication of an existence of a data access agreement with the access 
candidate. 

However, Orsini discloses the following: 

b) at least a citizenship requirement and a location requirement for access to data 
associated with the at lease one data class; (see Orsini paragraph [0013], lines 
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1-3; paragraph [0060], lines 4-13: management of secure data, parameters (i.e. 
attributes) agreement, location information) 
c) an indication of a citizenship status of the access candidate, an indication of a 
current location of the access candidate, and an indication of an existence of a 
data access agreement with the access candidate; (see Orsini paragraph [0013], 
lines 1-3; paragraph [0060], lines 4-13: management of secure data, parameters 
(i.e. attributes) agreement, location information, citizenship information) 
It would have been obvious to one of ordinary skill in the art to modify Timson- 
Moreh for the request including an indication of a citizenship status of the access 
candidate, an indication of a current location of the access candidate, and an 
indication of an existence of a data access agreement with the access candidate as 
taught by Orsini. One of ordinary skill in the art would have been motivated to 
employ the teachings of Orsini for a relatively fast, secure, and efficient 
authentication of data streams, (see Orsini paragraph [001 2], lines 1 -3; paragraph 
[0013], lines 1-3) 

Timson-Moreh-Orsini does not specifically disclose revising access requirements. 
However, Bacha discloses: for d): determinin g, using the processing device, whether 
the access candidate attributes satisfy access requirements of the first security level, 
wherein the access candidate attributes . are reyisable based, at least in part, on a 
determination indicating that access to the first security level is prohibited; (see 
Bacha col. 10, lines 48-60: another authorized user such as a resolution authority 
with ability to update access control information) 
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It would have been obvious to one of ordinary skill in the art to modify Timson- 
Moreh-Orsini for revising access requirements as taught by Bacha. One of ordinary 
skill in the art would have been motivated to employ the teachings of Bacha to 
improve system efficiency by centralization of user access information and to use 
richer search parameters, (see Bacha col. 3, lines 18-24) 



Regarding Claim 20, Timson discloses the system of Claim 16, wherein one or more 
access requirements, (see Timson col. 3, lines 34-40; col. 3, lines 57-64: request 
processing; col. 2, lines 56-59; col. 17, lines 4-1 1 : country information, attributes) 
Timson does not specifically disclose at least one of: a valid data access agreement 
with a potential access candidate; a current location of the potential access candidate; 
and a citizenship status of the potential access candidate. 

However, Orsini discloses wherein atjeast .one of the one or more access requirements 
associated with the resources and the one or more access req uirements associated 
with the electronic data relates to at least one of: a valid data access agreement with a 
potential access candidate; a current location of the potential access candidate; and a 
citizenship status of the potential access candidate, (see Orsini paragraph [0013], lines 
1-3; paragraph [0060], lines 4-13: management of secure data, parameters (i.e. 
attributes) agreement, location information) 

It would have been obvious to one of ordinary skill in the art to modify Timson for at 
least one of: a valid data access agreement with a potential access candidate; a current 
location of the potential access candidate; and a citizenship status of the potential 



Application/Control Number: 10/659,368 Page 22 

Art Unit: 2436 

access candidate as taught by Orsini. One of ordinary skill in the art would have been 
motivated to employ the teachings of Orsini for a relatively fast, secure, and efficient 
authentication of data streams, (see Orsini paragraph [001 2], lines 1 -3; paragraph 
[0013], lines 1-3) 

Regarding Claims 21, 34, 35, Timson discloses the system of Claims 20, 30, 34, 
wherein attributes of the access candidate, (see Timson col. 2, lines 50-56: attributes; 
col. 2, lines 56-59; col. 1 7, lines 4-1 1 : country attribute, resource access) Timson does 
not specifically disclose at least one of: an indication of an existence of a data access 
agreement with the access candidate; a current location of the access candidate; and a 
citizenship status of the access candidate. 

However, Orsini discloses wherein at least one of: an indication an existence of a data 
access agreement with the access candidate; a current location of the access 
candidate; or a citizenship status of the access candidate, (see Orsini paragraph 
[0013], lines 1-3; paragraph [0060], lines 4-13: management of secure data, parameters 
(i.e. attributes) agreement, location information) 

It would have been obvious to one of ordinary skill in the art to modify Timson for at 
least one of: an indication an existence of a data access agreement with the access 
candidate; a current location of the access candidate; and a citizenship status of the 
access candidate as taught by Orsini. One of ordinary skill in the art would have been 
motivated to employ the teachings of Orsini for a relatively fast, secure, and efficient 
authentication of data streams, (see Orsini paragraph [0012], lines 1-3; paragraph 
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[0013], lines 1-3) 
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Regarding Claim 23, Timson discloses a system comprising: 

a) storage configured to receive and store the electronic data using a computer 
network; (see Timson col. 18, lines 9-12; col. 18, lines 18-21 : storage capability, 
data, information) 

Furthermore, Timson disclose the following: 

b) one or more resources configured to process and manipulate the electronic data 
using a computer network; (see Timson col. 2, lines 31 -34; col. 2, lines 40-41 : 
interrogatable and enabling modules, resources to process and manipulate data) 

e) adapted to authorize access to one or more portions of the electronic data in 
response to a comparison performed by a corresponding data access controller 
indicates access is prohibited; (see Timson col. 2, lines 31-34; col. 2, lines 40-41 : 
interrogatable and enabling modules, resources (i.e. resolution authorities) to 
control access and manipulate data; col. 3, lines 34-40: authorization required to 
access data; col. 4, lines 7-1 1 : access determination (comparison, match) 
required for access (i.e. prohibited without authorization)) and 

f) a data access module configured to: evaluate a request for access to one or 
more portions of the electronic data by the one or more resources to identify one 
or more data access controllers corresponding to the one or more portions of the 
electronic data; (see Timson col. 3, lines 34-40; col. 3, lines 57-64: request 
processing; col. 2, lines 31-34; col. 2, lines 40-41 : interrogatable and enabling 
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modules, resources (i.e. controllers) to enable (i.e. grant) access to data)) and 
g) forward the request for access to the one or more identified data access 

controllers for evaluation as to whether to grant the access candidate access to 
the corresponding one or more portions of the electronic data, (see Timson col. 
3, lines 34-40; col. 3, lines 57-64: request processing (i.e. submit, forward 
request for processing); col. 2, lines 31-34; col. 2, lines 40-41 : interrogatable and 
enabling modules, resources to enable (i.e. grant) control access to data)) 

Furthermore, Timson discloses wherein one or more data access controllers 
configured to grant access to a corresponding portion of the electronic data based at 
least in part on a comparison, and associated with one or more resources or data 
classes of the corresponding portion of the electronic data, (see Timson col. 2, 
lines 31-34; col. 2, lines 40-41 : interrogatable and enabling modules, resources to 
access and manipulate data; col. 4, lines 7-1 1 : access enabled (i.e. granted)) 

Furthermore, Timson discloses access determination using additional authorization 
modules, (see Timson col 4, line 60 - col. 5, line 4: additional authorization modules) 

Timson does not specifically disclose a resolution authority or a 3 rd party providing 
authentication services. 

However, Moreh discloses a resolution authority, (see Moreh col. 2, lines 48-62; col. 
5, line 56 - col. 6, line 19: authentication services between client and server using 
intermediate entity (protocol proxy)) 

It would have been obvious to one of ordinary skill in the art to modify Timson 
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to use authentication services such as a resolution authority as taught by Moreh. 
One of ordinary skill in the art would have been motivated to employ the teachings of 
Moreh to permit users and service provides the flexibility of choosing where to 
authenticate, (see Moreh col. 2, lines 44-46) 

Timson-Moreh does not specifically disclose a citizenship status, a current location 
of the access candidate and an existence of a data access agreement with a 
citizenship requirement, location requirement and data access agreement 
requirement. 

However, Orsini discloses the following: 

c) a citizenship status and a current location of the access candidate and an 
existence of a data access agreement with a citizenship requirement, wherein 
the location requirement and the data access agreement requirement; (see 
Orsini paragraph [0013], lines 1-3; paragraph [0060], lines 4-13: management of 
secure data, parameters (i.e. attributes) agreement, location information) 

d) the citizenship status and the current location of the access candidate with a 
citizenship requirement and a location requirement; (see Orsini paragraph 
[0013], lines 1-3; paragraph [0060], lines 4-13: management of secure data, 
parameters (i.e. attributes) agreement, location information) 

It would have been obvious to one of ordinary skill in the art to modify Timson- 
Moreh for at least one of: an indication an existence of a data access agreement 
with the access candidate; a current location of the access candidate; and a 
citizenship status of the access candidate as taught by Orsini. One of ordinary skill 
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in the art would have been motivated to employ the teachings of Orsini for a 
relatively fast, secure, and efficient authentication of data streams, (see Orsini 
paragraph [0012], lines 1-3; paragraph [0013], lines 1-3) 

Timson-Moreh-Orsini does not specifically disclose modifying access requirements. 
However, Bacha discloses configured to modify the one or more access 
requirements, (see Bacha col. 10, lines 48-60: another authorized user such as a 
resolution authority with ability to update access control information) 

It would have been obvious to one of ordinary skill in the art to modify Timson- 
Moreh-Orsini for modifying access requirements as taught by Bacha. One of 
ordinary skill in the art would have been motivated to employ the teachings of Bacha 
to improve system efficiency by centralization of user access information and to use 
richer search parameters, (see Bacha col. 3, lines 18-24) 

Regarding Claim 41 , Timson discloses the method of claim 1 . (see Timson col. 2, lines 
31-34; col. 2, lines 40-41 : interrogatable and enabling modules to control access and 
manipulate data; col. 3, lines 34-40; col. 4, lines 7-1 1 : authorization required to access 
data) 

Timson does not specifically disclose for supplemental evidence to verify the attributes. 
However, Orsini discloses receiving supplemental evidence verifying the attributes of 
the access candidate, (see Orsini paragraph [0013], lines 1-3; paragraph [0060], lines 4- 
13: management of secure data, parameters (i.e. attributes) agreement, location 
information) 
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It would have been obvious to one of ordinary skill in the art to modify Timson- 
Moreh for supplemental evidence such as current location to verify the attributes as 
taught by Orsini. One of ordinary skill in the art would have been motivated to employ 
the teachings of Orsini for a relatively fast, secure, and efficient authentication of data 
streams, (see Orsini paragraph [001 2], lines 1 -3; paragraph [001 3], lines 1 -3) 

Regarding Claim 42, Timson discloses the system of claim 15, wherein the data 
subsets are separated into the at least one data class based on a data provider of the 
data (see Timson col. 2, lines 31-34; col. 2, lines 40-41 : interrogatable and enabling 
modules to control access and manipulate data; col. 3, lines 34-40; col. 4, lines 7-1 1 : 
authorization required to access data; col. 2, lines 50-59: one data class or attributes of 
a class; financial and banking information (data provider)) 

Regarding Claim 43, Timson discloses the method of claim 15, wherein the physical 
access comprises physical access to a facility housing the computer workstation, (see 
Timson col 5, lines 31-35: access to computer monitor display (login); col 6, lines 47-64; 
col 10, lines 51-59) 

Regarding Claim 44, Timson discloses the method of claim 15, wherein the physical 
access comprises logging on to the computer workstation, (see Timson col 5, lines 31- 
35: access to computer monitor display (login); col 6, lines 47-64) 
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Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 . 1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carlton V. Johnson whose telephone number is 571- 
270-1032. The examiner can normally be reached on Monday thru Friday , 8:00 - 
5:00PM EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571 - 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
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Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-21 7-91 97 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Carlton V. Johnson 

Examiner 

Art Unit 2436 



CVJ 

December 20, 2010 



/Nasser Moazzami/ 

Supervisory Patent Examiner, Art Unit 2436 



